Medical practices have a high risk of cyber attacks. Because practices collect personally identifiable information from patients, including minors, medical providers hold some of the highest-risk databases. This information can include Social Security numbers, birth dates, health records, addresses, payment information and more.

Consider these statistics:

If your practice experienced a breach from a cyber attack, the HIPAA Breach Notification Rule may require you to notify patients, offer identity theft monitoring and notify the media. Imagine the uncomfortable conversations with patients and patients’ parents about their data or their child’s data being compromised.

Luckily, there are steps you can take to help protect your practice. First, it is important to understand the types of cyber attacks threatening medical providers.

Types of Cyber Attacks Threatening Medical Providers

Social engineering/phishing

Phishing campaigns involve tricking a person into compromising their computer system by giving away their password or downloading a malicious file. Often a hacker sends a phishing campaign email impersonating a coworker, IT department or familiar vendor.

Messages alert you to a new invoice, suspicious account activity or payment problem. The hacker provides a link to log in to your account or download an important document. Once you do, the hacker has access to your business computer systems.


A phishing campaign can turn into a ransomware attack once the hacker has access to your system. The hacker installs a malicious program that encrypts your data so you can’t access your files. Then, the hacker demands a ransom in cryptocurrency to release your files.

The hacker may also steal a copy of your data and expose private information to coerce a payment. Even if you pay, there’s no guarantee you’ll get your files back and the damage to your reputation and business can be costly.

Loss or theft of equipment is also a common avenue for cyber criminals. Laptops, USB drives and smartphones with access to your practice’s records can be valuable in the hands of hackers.

Help Prevent Cyber Attacks Threatening Medical Providers

To help prevent a phishing campaign or ransomware attack, proper employee training and security protections are a must:

  • Train employees to recognize phishing attempts.
  • Back up systems securely with offline storage.
  • Install new security patches and software updates.
  • Turn on two-factor authentication for login access.
  • Scan and filter email and web traffic for better safety.
  • Monitor the network for unusual or suspicious activity.
  • Limit access to protect employees and company data.
  • Never leave your work devices unattended.
  • If a device is lost or stolen, notify a supervisor or IT professional immediately.
  • Always encrypt sensitive data on your device.
  • Create an incident response plan to minimize risk.

Cyber Liability Insurance from Lockton Affinity

Costs associated with a cyber attack can add up quickly, but Cyber Liability insurance is available to help protect your practice against these costs.

CMA members have access to Cyber Liability Insurance from Lockton Affinity. This policy can help cover the costs associated with notifying all affected parties, ongoing credit monitoring, outside investigations and more.

Help protect your practice against the increasing threat of cyber attacks. Get Cyber Liability Insurance today.